Answer: Dear users, now you can ask your questions here and get a reply from Rahul Tyagi himself within 72 hours. Follow the rules of the FAQ section and enjoy our new feature.

You can ask any of your doubts here. Things like hacking Facebook, accounts, Gmail hacking, CC hacking etc. will be deleted immediately and the user's or guest's IP will be banned. So please ask only queries related to professional infosec.

General Computer and cyber world queries are allowed and will be answered in respective time limit for sure.

You can try these tests on your websites, which are enough to generate a good testing report.

1. Bypass authentication tests (SQL Injection)

2. Union based Injections

3. Error based Injections (for aspx)

4. Web Application firewall penetration testing (If deployed)

5. Cross Site Scripting

6. Cross Site Flashing

7. DDOS Attack testing

The above attacks, except DDOS, you can deploy manually, and if you are interested in making an automated report I recommend going for Acunetix or IBM Rational Scanner.

For checking XSS you can try many online XSS scanners like www.xss-scanner.com, or google "DOM based online XSS scanner". For SQLi you can get hands on the Pro version of Havij. (Havij Pro also handles error based injection.)

Answer: Well dear, first, at our end it's not possible in an easy manner, but yes, TOR is also a company under law enforcement work; they only give details to crime investigation agencies. Before giving you a fake IP they log your real IP, and with every fake IP your real IP relates.

And by giving the traced IP of TOR, they can even give details of at what time that fake IP was given to this ISP user. So at the end we can grab the person.

Sir, my question is: if I am using TOR in Vidalia then my IP address will be continuously changing, even Google is confused about my current location, and I have heard that criminals are using this type of technique for mail.

So how can we find the actual IP address and how can we trace the mail for this type of difficulty?

Sir, I have found XSS vulnerabilities in so many websites and reported them successfully, but I want to know how to deface the website using XSS and CSRF vulnerabilities, how to hack the database and important files from the server using this type of vulnerability.

Answer: First, it's good you have found XSS and reported it to the respective organisations. Second, I do not support defacement of websites; as you can google, there is not a single hit in which I encourage defacement. But yes, instead of defacement you can research how to protect websites from SQL injection and preventions for coders against XSS attacks. That will be much better.

Sir, I am using BackTrack in VMware Workstation 10. I am able to do penetration testing with all modules, but here I am facing a problem in cracking WPA or WEP passwords. So my question is: is it possible to crack WPA or WEP using BackTrack in a VMware virtual machine, or is there any better option to crack WPA encryption?

Answer:Dear Yash,

Well, in VMware your wireless card becomes wired, so through VMware you cannot crack any wifi unless your laptop is from HCL or you are using an external wifi adapter.

Rest if you want to crack WPA and WPA-2 encryption keys:-

1. For WEP --> Gerix Wifi Cracker in Backtrack

2. WPA-WPA2 --> Reaver in Backtrack. Here is the article I wrote on hacking WPA and WPA-2 security.

SIR I HAVE TESTED SO MANY WEBSITES FOR RFI FAULT BUT I HAVE NOT FOUND A SINGLE WEBSITE WHICH IS VULNERABLE TO THIS ATTACK. MAYBE MY METHOD IS WRONG, SO I WANT YOU TO POST ONE TUTORIAL ON REMOTE FILE INCLUSION WITH SCREENSHOTS SO WE CAN UNDERSTAND IT. THANKS

Answer: Dear Yash, he he, I think you have lots of questions lol :P Anyways, well, RFI and LFI are very hard to get these days, but still I recommend going for GHDB from www.exploit-db.com and getting some dorks; google it and you will get it definitely.

There are many websites, for example, in which question papers can be obtained, but they can't be accessed without a password. So how can they be hacked so that I can have access to them?

Answer: Well, I never checked for any of these kinds of websites, I always used to study my subject and pass the exams :). So instead of looking for exam papers, read your books properly. Because after your study only your knowledge is going to help you in the corporate world.

Sir, I am using Super Hide IP and use a Russian proxy, but some links do not open properly, like this site... tell me why? Is it possible that if I use another country's proxy then this site or others will open?

Answer: You can try the Anonymox plugin in Mozilla Firefox, or use Ultra Surf.

Google Ultra Surf and download it; it works fine. If not, the Hot spot security shield will work.

I'm diffing a patch in Windows 7. I've extracted the patched file from the .msu file and I want to trigger the vulnerability now. Can you please give me an example?

Answer: Well, first please let us know what kind of vulnerability you are talking about. Until we know the vulnerability we can't suggest the compatible exploit for it, so please specify the vulnerability type first.

I am a B.Tech student and I want to make a career in ethical hacking... kindly guide me, what should I do?

Answer:Dear Sangeeta,

First you have to come up with a certification in the field of ethical hacking. You can join our CCSE V.2 course and after training you can apply as an information security consultant anywhere.

For international certification you can go for EC-COUNCIL's CEH; that's a bit expensive for you in the beginning.

Last thing: read, read, read the maximum you can, and learn about security rather than hacking. Because no company will hire you if you only know how to hack, so how to protect is more important.

If you are looking for a distance education hacking course you can get our Official Hacking Crux toolkit for Rs 1499 only. It has one book + two DVDs with video course and software. For people who are starters it's the best kit till date.

For ordering, fill in the form here: http://goo.gl/2gyda and learn ethical hacking by sitting at home.

Sir, I just noticed that we can log in to Facebook with a white space in our username or e-mail ID. For example, suppose my username is "rockstar"; we can log in to FB with "rock star" and "rock.star". How can it be possible, because ID and username are always unique?

Answer: Well, this question can be better answered by Facebook itself :) Mail them and let us know too, as we haven't tried it ever.

Sir, is it necessary to have such a certificate for making a career in the ethical hacking field? Because without attending any seminar or classes I am able to hack websites using SQL injection, and with many exploits I am able to hack wifi, and now after your kind help I am also able to crack WPA and WEP keys. I am an electronics and communication engineer, so I am good in networking and wireless communication too, but I don't have any CEH or CCSE certificate. I am also able to do SMS spoofing using Tamper Data. I mean I have learnt a lot in the cyber security field, so please guide me what I should do. Should I go for any classes or not?

Answer: Well, it's great that you have knowledge about security aspects, but one thing is there: if you want to make a career in the field of information security then you must have CEH or further LPT, because without these certifications, outside India and in India, very few companies will recognize you as a professional white hat. Hence it's better to have certifications like these and then join any company.

Respected sir, I have found XSS vulnerabilities in 3 websites: 1 --> newtronics company Mumbai, 2 --> my college website, and the last one is big CISCO. The first two organisations have no time to reply to me :D but the Cisco team replied to me that they will fix the bug soon. Still, 2 days have passed and the bug is still there, and by using this vulnerability an attacker can steal cookies, redirect a user to infected sites and deface the website. So what can I do now?

Answer: We will be able to answer your first question only, that is, CISCO is not replying. Well, they have their own criteria for following up and patching the vulnerability; some companies can take up to 3 months even to reply. Hence you have to wait for the reply...

Sir, I want to know the complete use of Asterisk and a proper download link for VoIP calling. 6 months ago there was a website, mobivox, which allowed users to VoIP call from any number to anyone. So I want to know: is there any other website which allows its users to call from any number to anyone?

Answer: There are many websites that can help you to call with a random number.

Sir, I was trying to call a person from his own number by using the website mobivox, but I think the site is not correct... it's a business site... so please sir, reply to me to solve this query. Thank you

Answer: Well, till now in India call spoofing is highly illegal, but you can try evaphone.com; just google evaphone and you can call your relatives and friends with any random number suggested by the organisation's website.

Since I am a b.tech student and opted for the self-study for CEH certification. Therefore, I need to attend the training at an ATC (Accredited Training Center). Sir, I have the following queries;

1. What books should I prefer for the study of certification?

2. I have attended the workshop conducted by Mr. Sunny Vaghela. So it will be sufficient for the training and if not what are the best available options for the training?

3. Whether techdefence provides the training or not?

Please add more information which you think is necessary.

Waiting for a prompt reply...

Answer: Training certification is of course required to get a job, dear.

http://www.lucideus.com/pdf/Lucideus_Summer_Training.pdf

Here is India's most advanced information security certification, known as LCEH.

Sir, I want to know how to make uid=0 and gid=0 to take over the database of a website.

Answer: Rooting a server is a totally different thing. First you have to get the server details, then a compatible shell (Control Panel), then access to the shell, and at the end of the day you need 777 permissions on the same server.

Sir, I have used Metasploit for LAN networks but I have not found any use of Metasploit for penetration tests of web applications. Please guide me how to use it for website penetration tests.

Answer:Dear Raj,

With msf we can hack almost anything related to technology available. You can hack mobile phones, Windows, Linux, Mac etc. It's just anything you can pwn with msf, along with the latest private and public exploits.

In msf we have many ways to execute remote web application exploits to get access to the servers, and many other vulnerabilities.

For more basics you can refer to my paper from exploit-db.com, here is the link

Dear sir, for a long time I have had this question, because I have not seen any advertisement of "cyber security analyst needed" or "ethical hacker needed". I have not even heard from anyone that any company is hiring a cyber security analyst or ethical hacker. So if I get a CEH or CCSE certificate, then afterwards in which company can I make my career?

Answer: Well, first, thanks for asking such a fab question, and I love to reply to this kind of question. First let's talk about a career in cyber security. Well dear, there are many fields where people are being hired, but yes, if you are looking for persons with the title ethical hacker then it's difficult to quote. People are hired as Web Application Penetration Testers, professional Reverse Engineers, Network Security Administrators, Android malware analyzers and many more.

The only thing which matters is how hard you work and how passionate you are in the security field. Certifications do matter, but what matters more is your spark. If the spark is there, with time that spark will be converted into fire and every company will love to see and hire you for the same.

To start with you can come to us with this certification called LCEH, here is the link http://www.lucideus.com/training/ come and see how hard we do things and how seriously we take things.

DEAR SIR, SOME DAYS AGO I LOGGED IN TO MY FACEBOOK ACCOUNT FROM MY BOYFRIEND'S LAPTOP AND HE GOT MY PASSWORD :D SO MY QUESTION IS HOW TO KNOW THE PRESENCE OF ANY KEYLOGGER, BECAUSE THAT KEYLOGGER CAN BE OPENED ONLY BY PRESSING SOME KEY COMBINATION. SO PLEASE HELP ME SO FROM NEXT TIME WHEN I USE MY BF'S OR ANY OTHER PERSON'S LAPTOP I CAN SECURE MY LOGIN.

Answer: Well, there are lots of keyloggers so I cannot suggest a rock solid solution for this, but yes, most people go for trial version keyloggers which can be seen in the task manager bar. Hence you can identify the keylogger before typing the password.

Rest, you can install KeyScrambler in Mozilla Firefox as an add-on, and even then if they have a keylogger no one can see what you have typed. :) And I hope you can force your BF to install KeyScrambler in his browser ha ha. Good luck.

There are a lot of ways to root an Android device, but it differs from mobile vendor to vendor and OS, dear. But you can try Unlock Root, it's a good application to start with. Make a Google search for Unlock Root.

What are these cyber forensics?? and how are they useful to a ccse student?? and is there any other website or material where we can understand cyber forensics properly?? how are these used??

Answer:

Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law.

Students can adopt this field to become a cyber forensic investigator and can help investigation agencies in any cyber crime incident.

Students can start learning from this Youtube Link : https://www.youtube.com/channel/UC7X3iS_dQ0seZbdkrZ0R-fA

Sir, please tell me about the best keylogger and from where I can download it.

Answer:

Well dear, there is nothing like a best keylogger or bad, it depends upon how a person is using it. I would recommend Family Keylogger, which I suggest to parents to monitor their children's activities on the internet.

You can download Family Keylogger from this link: spyarsenal.com/familykeylogger/

I'm very much interested to take this course. This is a serious inquiry!!! Can you please tell me how much this training cost in terms of your fees, how many days it takes? and for those days what is the estimated cost of an accommodation which one has to use for the duration of the course?

I'm not a beginner to computers but almost a beginner when it comes to ethical hacking.

Sincerely,
Marz

Answer:

Dear Marz, thanks for your query, but we do not have any lab in Chandigarh at this time. If you really want to do the certification from our organisation then you can come down to New Delhi. It will cost you Rs 20000 for one month of training from us and the living cost will be near 7-8k a month.

Hello Sir,
I lost my Yahoo account password, also the answer to my security question, and I also forgot the password of my alternate email address. My registered mobile no. is here but the option of sending a message to your mobile is not working. I have only the one way to recover my account, but that is not working. I am sending you the details of my account as follows:
my account :- gumbernitish@yahoo.in
security ques :- what is the first name of your favourite uncle ?
Alternate email :- gumbernitish00@gmail.com

I lost both the passwords of the ID and also forgot the answer to the security question. Sir, it's urgent, please do something and recover it.
Thanking you,
Nitish gumber
8054488537

Answer:

Dear Nitesh, it's a bit of a hectic process but you can try the following process.

In case of a hacked account send a mail describing your problem to account-security-help@cc.yahoo-inc.com. If this doesn't help, call Yahoo: 1-408-349-1572, or 1+ 866-562-7219 then press on #2 explain to a customer service person what happened. They will ask you to do certain things and then they compare your original info with the changed info. Within 24 hrs you should get your account back!

Since I am doing self preparation for the CEH certification and don't have any work experience regarding information security, is it necessary to have training at some accredited training center? If needed, then please list the centers and add additional information which you think is necessary.

Answer:

We cannot comment on this because CEH is a white hand certification, as we have LCEH which is far more advanced than CEH.

Hello Sir, I am a commerce graduate and I want to make my career in computer networks and hacking. Could you please guide me from where I can start, and what I can do first? I am interested in Linux, CCNA and CCNP also.

Answer: It is not an issue whether you are from a computer background or not, but yes, if you are it will be an add-on. To start you can join our Summer or Winter training program on ethical hacking: http://www.lucideus.com/training/ and it will be great if you are interested in Linux and other things.